package fuzion24.device.vulnerability.vulnerabilities.framework.jar;

import android.content.Context;

import fuzion24.device.vulnerability.util.CPUArch;
import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;

import java.io.File;
import java.util.ArrayList;
import java.util.List;

// https://android.googlesource.com/platform/libcore/+/cb11b9fff2a1af8bb4fcad18986003a7f59189c6 //Tests
// https://android.googlesource.com/platform/libcore/+/2bc5e811a817a8c667bca4318ae98582b0ee6dc6 //Fix
// http://bluebox.com/technical/android-fake-id-vulnerability/
// https://bluebox.com/wp-content/uploads/2014/08/us-14-Forristal-Android_FakeID_FINAL.compressed.pdf


public class JarBug13678484 implements VulnerabilityTest {

    @Override
    public List<CPUArch> getSupportedArchitectures() {
        ArrayList<CPUArch> archs = new ArrayList<>();
        archs.add(CPUArch.ALL);
        return archs;
    }

    @Override
    public String getCVEorID() {
        return "JarBug13678484";
    }

    @Override
    public boolean isVulnerable(Context context) throws Exception {
        // Check for the existence of this constructor:
        // public JarFile(File file, boolean verify, int mode, boolean chainCheck)
        try {
            java.util.jar.JarFile.class.getConstructor(File.class, boolean.class, int.class, boolean.class);
            return false;
        } catch(NoSuchMethodException e) {
            return true;
        }
    }
}
